From 9690acd9e5ff473fdc88ef13bcc98bb698cfb269 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 21 Feb 2019 22:45:23 +0100 Subject: [PATCH] Move private files in a better layout --- nixops/eldiron.nix | 5 +++-- nixops/scripts/nixops_wrap | 15 ++++++++++----- nixops/scripts/pull_deployment | 2 +- nixops/scripts/push_deployment | 2 +- nixops/scripts/setup | 10 +++++----- 5 files changed, 20 insertions(+), 14 deletions(-) diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix index 8dc8c4d..5dff7d4 100644 --- a/nixops/eldiron.nix +++ b/nixops/eldiron.nix @@ -1,4 +1,4 @@ -{ environment ? ./environment.nix }: +{ privateFiles ? ./. }: { network = { description = "Immae's network"; @@ -12,7 +12,8 @@ mylibs = import ../libs.nix; mypkgs = import ../default.nix; myconfig = { - env = import environment; + inherit privateFiles; + env = import "${privateFiles}/environment.nix"; ips = { main = "176.9.151.89"; production = "176.9.151.154"; diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap index 24b8381..561bf6e 100755 --- a/nixops/scripts/nixops_wrap +++ b/nixops/scripts/nixops_wrap @@ -6,12 +6,12 @@ if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then exit 1; fi -TEMP=$(mktemp /tmp/XXXXXX-environment.nix) +TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) chmod go-rwx $TEMP finish() { - rm -f "$TEMP" - nixops set-args --unset environment + rm -rf "$TEMP" + nixops set-args --unset privateFiles } trap finish EXIT 
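Review bot: With the default `privateFiles ? ./.` from the first hunk, `env = import "${privateFiles}/environment.nix";` interpolates a path value, and Nix copies an interpolated path into the store. That would place the whole `nixops/` directory, including any environment.nix kept there, under the world-readable /nix/store. The wrapper passes the directory with `--argstr`, so that route hands in a string and is not affected; only evaluation with the default is. Concatenation avoids the copy in both cases: `env = import (privateFiles + "/environment.nix");`. Because `inherit privateFiles;` exposes the value to the rest of the configuration, a comment such as `# directory of secret files; never interpolate it as a path` above the argument would document the constraint for modules outside this diff.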
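Review bot: The result of `mktemp -d` is not checked, and `chmod go-rwx $TEMP` uses it unquoted. If the directory cannot be created, TEMP is empty and the loop added in the next hunk would redirect decrypted secrets to `/$file` instead of a private directory. Suggest `TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) || exit 1` followed by `chmod go-rwx "$TEMP"`. The decrypted files stay in /tmp until `finish` runs, and a SIGKILL skips the EXIT trap, so a comment above the mktemp line such as `# holds decrypted secrets; removed by finish on EXIT` would help whoever cleans up after an aborted run.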
@@ -20,8 +20,13 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" export NIXOPS_DEPLOYMENT="$DeploymentUuid" -pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixConfig" >> $TEMP -nixops set-args --argstr environment "$TEMP" +# pass cannot "just" list files in a directory without showing a tree :( +files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e 's/^.* //') + +for file in $files; do + pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file +done +nixops set-args --argstr privateFiles "$TEMP" export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:nixpkgs=$HOME/.nix-defexpr/channels/immaeNixpkgs" nixops "$@" diff --git a/nixops/scripts/pull_deployment b/nixops/scripts/pull_deployment index 796ff9b..8ee9b75 100755 --- a/nixops/scripts/pull_deployment +++ b/nixops/scripts/pull_deployment @@ -24,7 +24,7 @@ EOF fi fi -deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment) +deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment) echo "$deployment" | nixops import diff --git a/nixops/scripts/push_deployment b/nixops/scripts/push_deployment index 07a804e..e43b6be 100755 --- a/nixops/scripts/push_deployment +++ b/nixops/scripts/push_deployment @@ -11,4 +11,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" export NIXOPS_DEPLOYMENT="$DeploymentUuid" -nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment +nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment diff --git a/nixops/scripts/setup b/nixops/scripts/setup index bb433ba..c94b72b 100755 --- a/nixops/scripts/setup +++ b/nixops/scripts/setup 
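Review bot: In the `for file in $files` loop a failed `pass show` (locked key, cancelled pinentry) still creates an empty `$TEMP/$file`, and the script goes on to run nixops with it, since no `set -e` is visible in this hunk. The redirect target and the `pass ls` argument are also unquoted. Suggest `pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > "$TEMP/$file" || exit 1` and quoting the path in the `pass ls` call. The sed expression keeps only the text after the last space of each tree line, so an entry with a space in its name, or a sub-directory under `Nixops/files`, would be fetched under the wrong name; the existing comment could state that the directory has to stay flat with space-free names.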
@@ -50,8 +50,8 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then The key to access private git repositories (websites hosted by the server) needs to be accessible to nix builders. It will be put in /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that) - > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null - > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null + > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null + > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub Continue? [y/N] @@ -65,10 +65,10 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then mask=$(umask) umask 0777 # Don’t forward it directly to tee, it would break ncurse pinentry - key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey) + key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey) echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops - pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub) + pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub) echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub @@ -133,7 +133,7 @@ if ! nixops info 2>/dev/null >/dev/null; then EOF read y if [ "$y" = "y" -o "$y" = "Y" ]; then - deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment) + deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment) echo "$deployment" | nixops import nixops modify "$(dirname $DIR)/eldiron.nix" -- 2.41.0